 |  |  |  |  |  |  |  |
Newbie with problems
 |
Hello everyone! Glad I found this board!! I am going nuts with 2 problems I am having. Problem 1: I cannot open links on forums or anywhere!! When I click on a link nothing happens. Problem 2: When I click on (START) then (Search for files and folders) nothing happens. I am just trying to use my regular desktop search for files and folders and it dosen't do anything when I click on it. I ran hijack this and this is what I got:
Logfile of HijackThis v1.97.7
Scan saved at 12:47:17 AM, on 8/26/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\drieqchk.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\WINDOWS\System32\wstbase.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\Uit9952.exe
C:\WINDOWS\System32\Uit9952.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Documents and Settings\mycomputer\Local Settings\Temp\Temporary Directory 14 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///c:/searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll
O4 - HKLM\..\Run: [3K2SJMB3#XWWWM] C:\WINDOWS\System32\Vryu.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [p7rh3FU] drieqchk.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [PopUpInspector] C:\Program Files\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [Yw0nRPY4U] wstbase.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O13 - DefaultPrefix: c:\searchpage.html?page=
O13 - WWW Prefix: c:\searchpage.html?page=
O13 - Home Prefix: c:\searchpage.html?page=
O13 - Mosaic Prefix: c:\searchpage.html?page=
Tried deleting some of that stuff but it kept coming back after I would run hijack this over and over! I can't even search to delete anything because search won't work on my desktop. Also, I get pop ups all day like a MOFO!!HEEEELP!!! :!:
Logfile of HijackThis v1.97.7
Scan saved at 12:47:17 AM, on 8/26/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\drieqchk.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\WINDOWS\System32\wstbase.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\Uit9952.exe
C:\WINDOWS\System32\Uit9952.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Documents and Settings\mycomputer\Local Settings\Temp\Temporary Directory 14 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///c:/searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll
O4 - HKLM\..\Run: [3K2SJMB3#XWWWM] C:\WINDOWS\System32\Vryu.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [p7rh3FU] drieqchk.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [PopUpInspector] C:\Program Files\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [Yw0nRPY4U] wstbase.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O13 - DefaultPrefix: c:\searchpage.html?page=
O13 - WWW Prefix: c:\searchpage.html?page=
O13 - Home Prefix: c:\searchpage.html?page=
O13 - Mosaic Prefix: c:\searchpage.html?page=
Tried deleting some of that stuff but it kept coming back after I would run hijack this over and over! I can't even search to delete anything because search won't work on my desktop. Also, I get pop ups all day like a MOFO!!HEEEELP!!! :!:
Hi franco802,
As noted in the announcement at the top of each main forum page, HijackThis logs are only to be posted in the Security forum. Given that, I'm moving your thread to Security now.
As noted in the announcement at the top of each main forum page, HijackThis logs are only to be posted in the Security forum. Given that, I'm moving your thread to Security now.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
OK, first of all:
1. You are running an older version of HJT. Please get the newest (1.98.2) version.
2. You are running HijackThis from a Temp directory, which is not recommended. When you download the new HJT version, create a separate new folder for it (some thing like C:\HijackThis or C:\downloads\HijackThis). When HJT runs, it creates backup files before it fixes anything, just in case you "fixed" the wrong thing. By putting HJT in its own folder, you'll have those files available in that folder should you need them.
Post the log from version 1.98.2 and we'll take it from there. You might also want to run the utilities Ad Aware and SpyBot before running HJT; they will detect and remove a lot of the parasites from your system. Links to those programs are in my sig below.
1. You are running an older version of HJT. Please get the newest (1.98.2) version.
2. You are running HijackThis from a Temp directory, which is not recommended. When you download the new HJT version, create a separate new folder for it (some thing like C:\HijackThis or C:\downloads\HijackThis). When HJT runs, it creates backup files before it fixes anything, just in case you "fixed" the wrong thing. By putting HJT in its own folder, you'll have those files available in that folder should you need them.
Post the log from version 1.98.2 and we'll take it from there. You might also want to run the utilities Ad Aware and SpyBot before running HJT; they will detect and remove a lot of the parasites from your system. Links to those programs are in my sig below.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
•
•
Join Date: Feb 2004
Posts: 10,002
Reputation: 
Solved Threads: 757
You also have the peper trojan. To remove it please do the following:
Download the PeperFix.exe tool from here:
http://downloads.subratam.org/PeperFix.exe
Click on the PeperFix.exe to launch it.
Click the Find and Fix button.
It will scan the %Systemroot% folder and locate all the peper files. You will be prompted to reboot. Reboot and it will delete the peper files.
Ensure that you are online before starting the fix. Make sure to run the fix twice.
Make sure you do what DMR requested & post the log as there will be remnants to delete.
Download the PeperFix.exe tool from here:
http://downloads.subratam.org/PeperFix.exe
Click on the PeperFix.exe to launch it.
Click the Find and Fix button.
It will scan the %Systemroot% folder and locate all the peper files. You will be prompted to reboot. Reboot and it will delete the peper files.
Ensure that you are online before starting the fix. Make sure to run the fix twice.
Make sure you do what DMR requested & post the log as there will be remnants to delete.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
|
Similar Threads
- Newbie: problems deleting lines from text file (large) (Python)
- Please help a Newbie with problems (IT Professionals' Lounge)
- newbie problems (C#)
- real newbie problems!! (MySQL)
- More newbie problems - VBScript and Env variables (Visual Basic 4 / 5 / 6)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Help! Can't browse, use control panel or Explorer
- Next Thread: Please read this hijack log and advise
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec trojan unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
